• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Internet Security and Legal Compliance: Cyber Law in India
 

Internet Security and Legal Compliance: Cyber Law in India

on

  • 2,696 views

Information Technology Act - Cyber Security in India

Information Technology Act - Cyber Security in India

Statistics

Views

Total Views
2,696
Views on SlideShare
2,691
Embed Views
5

Actions

Likes
3
Downloads
0
Comments
0

2 Embeds 5

http://www.linkedin.com 4
https://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.
  • © 2011. Rodney D. Ryder. All rights reserved.

Internet Security and Legal Compliance: Cyber Law in India Internet Security and Legal Compliance: Cyber Law in India Presentation Transcript

  • Internet Security and Legal Compliance: Regulating Cyberspace – Version 2.0 Rodney D. Ryder Rodney D. Ryder Scriboard
  • Internet Security and Legal Compliance: Regulating Cyberspace – Version 2.0
    • Part 1 – Internet Law and Policy
    • Information Technology Act, 2000
    • Structuring a policy
    • Current law in India
    • Part 2 – Data Privacy and Digital Rights Management [Challenges and Strategies]
    • Data Protection legislation around the world
    • European Commission Directive and the UK Act
    • Data Protection model: the United States
    • Digital Rights Management
    Rodney D. Ryder Scriboard
  • The need for a national strategy Internet Law and Policy: New Media Regulation and India Rodney D. Ryder Scriboard
    • Speed and Convenience
    • Mobile access
    • Personalised and tailored
    • Data mining sophistication
    • Loss of control
    • Insecurity
    • Lack of confidence
    • Increased scepticism
    • Low uptake of eCommerce
    The need for a strategy - to secure Cyberspace
    • Technological advances in data storage and transmission
    • Globalisation of communications - the internet
    • Convergence and standardisation of technologies
    • Increasing importance of data processing
    Rodney D. Ryder Scriboard
  • The Rise [and fall?] of Cyberspace
    • The Internet – ‘decentralised routing system’ – designed to carry messages from point to point even if intermediate communication exchanges are blocked, damaged or destroyed. <the dumb network>
    • ‘ The net interprets censorship as damage, and routes around it’. John Gilmore, Lawless, The Economist, July 1995.
    • <Cyberspace>; <Neuromancer> and the “Network” [A place governed by its own laws - as introduced by William Gibson ]
    • “ Law and Borders”: the ‘independent’ theory of cyberspace law [David Post and David Johnson, Stanford Law Review]
    • Benkler’s layers – the physical, the code and content [in communications theory]
    • Lessig <Code and other laws of Cyberspace>
    • Ryder <Regulating ‘Indian’ Cyberspace>
    • Goldsmith and Wu <Who Controls the Internet? The Illusions of a Borderless World>
    Rodney D. Ryder Scriboard
  • The ‘New Medium’ and the Law
    • Securing “Indian” Cyberspace [regulations and the history of trade – towards pax mercatur ]
    • Law and Technology – ‘functional equivalence’
    • The basic premise: the machine or the medium
    • Adaptability and Enforcement of Indian law – lessons from the American experience [Adobe Systems v. Dmitry Skylarov]
    • Enhance collaboration between law enforcement and industry to prevent and prosecute cyber crimes
    Rodney D. Ryder Scriboard
  • Cybercrime and [the] Cyber Security Programme
    • Understanding the role of the medium – incidental [blackmail, stalking]; content [obscene or sensitive material]; integrity [unauthorised access and/or modification]
    • The criminal act – discovery [detection] and analysis
    • The Cybercrime Manual – fostering preparedness
    • Focussing on ‘relevant’ issues and appropriate classification of offences
    • Cyber forensics and the collection of evidence
    • Crisis management [internal and external]
    Rodney D. Ryder Scriboard
  • Key Components of a Cyber Security Programme
    • The Team [Member of the Board, Human Resources Manager, Chief Information Officer, Legal Counsel, E-Risk Management Consultant, Internet Security Expert, Cyberinsurance broker]
    • Utilising and factoring security tools – Digital signatures are a ‘sign of our times’
    • Understanding and evaluating risks [internal and external]
    • Allocating roles and responsibilities - Structuring the audit process [examining use and abuse]
    • Ten Tips – [i] Firewalls with secure passwords; [ii] correct installation and maintenance [the human angle]; [iii] encryption; [iv] assign network administrators a security role; [v] External consultants and auditors; [vi] periodic security audits; [vii] do not ignore ‘small company’ security needs; [viii] limit access to the computer room; [ix] educate employees about the dangers of social engineering; [x] educate employees on potential threats.
    Rodney D. Ryder Scriboard
  • Structuring a Cyber Security Manual
    • A training process for legal compliance
    • The Basics: the “machine” and the “medium” – What is a Cybercrime?
    • Develop programs that promote a culture of security within and across enterprises, including corporate governance, integration of physical and cyber security, and cyber ethics from school to the office
    • Engage with industry, academia and government in both countries to foster research and development and collaborative education efforts in information security
    Rodney D. Ryder Scriboard
  • The Information Technology Act, 2000
    • Chapter I: Preliminary [Definitions]
    • Chapter II: Digital Signatures and Electronic Signatures
    • Chapter III: Electronic Governance
    • Chapter IV: Attribution, Acknowledgement and Dispatch of Electronic Records
    • Chapter V: Secure Electronic Records and Secure Electronic Signatures
    • Chapter VI: Regulation of Certifying Authorities
    • Chapter VII: Electronic Signature Certificates
    Rodney D. Ryder Scriboard
  • The Information Technology Act, 2000
    • Chapter VIII: Duties of Subscribers
    • Chapter IX: Penalties, Compensation and Adjudication
    • Chapter X: The Cyber Appellate Tribunal
    • Chapter XI: Offences
    • Chapter XII: Intermediaries not to be liable in certain cases
    • Chapter XIIA: Examiner of Electronic Evidence
    • Chapter XIII: Miscellaneous
    Rodney D. Ryder Scriboard
  • ‘ Offences’ under the Indian Information Technology Act, 2000
    • Tampering with computer source documents/‘code’ [Section 65];
    • Transmission of Offensive Messages through Communication [Section 66A];
    • Dishonest receipt of stolen computer resource or communication device [Section 66B];
    • Punishment for Identity Theft [Section 66C];
    • Cheating by personation using computer resource [Section 66D];
    • Violation of Privacy [Section 66E]
    • Cyber Terrorism [Section 66F];
    • Publishing or transmitting obscene material in electronic form [Section 67]; Publishing or transmitting of material containing sexually explicit act in electronic form [Section 67A]; Publishing or transmitting of material depicting children in sexually explicit act in electronic form [Section 67B].
    Rodney D. Ryder Scriboard
  • Data Privacy and the National Cyber Security Program Data Privacy and Indian Law Rodney D. Ryder Scriboard
  • Privacy concerns
    • A fundamental human right
    • the right of the individual to be let alone
    • Information Privacy (data protection) - personal data
    • Bodily privacy - invasive procedures - search, drug testing; genetic testing; etc
    • Communications Privacy - mail, telephone, e-mail etc
    • Territorial privacy - domestic privacy; CCTV; ID checks etc
    • “ Public” aspects - surveillance, police powers and national security
    • “ Private” aspects - commercial use of data
    Rodney D. Ryder Scriboard
  • Growth of Importance of Privacy
    • Overview - major International and US regulations
      • 1948 UN Universal Declaration of Human Rights
      • 1970 US Fair Credit Reporting Act
      • 1974 US Privacy Act
      • 1976 International Covenant on Civil and Political Rights
      • 1980 OECD Guidelines on Protection of Privacy
      • 1980 US Privacy Protection Act
      • 1995 European Commission Directive on Data Protection
      • 1994 US Communications Assistance to Law Enforcement Act
      • 1996 US Health Insurance Portability and Accountability Act
      • 1998 US Children's Online Privacy Protection Act
      • 1998 European Member States implement Directive
      • 1999 US Financial Services Modernization Act
    Rodney D. Ryder Scriboard BUSINESS ISSUES HUMAN RIGHTS
  • Privacy and Data Protection law in India
    • There is no general privacy or data protection law in India:
    • Constitution Article 21
    • Right to life and liberty, interpreted by Supreme Court as including the “right to be let alone”
    • International Covenant on Civil and Political Rights 1966 Article 17:
    • No one shall be subject to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
    • Law of privacy (Tort Law) – Action for unlawful invasion of privacy
    Rodney D. Ryder Scriboard
  • The [Indian] Information Technology Act, 2000
    • Information Technology Act 2000
    • Section 43 (a)
    • Penalty for unauthorised access to a computer system
    • Section 43 (b) -
    • Penalty for unauthorised downloading or copying of data without permission
    • Section 72 -
    • Offence of accessing any electronic record, book, register, correspondence, information, document or other material and, without the consent of the person concerned , disclosing such information to another person
    Rodney D. Ryder Scriboard
  • Current law in India
    • Public Financial Institutions Act of 1983 codifies confidentiality of bank transactions
    • ISPs prohibited from violating privacy rights of subscribers by virtue of the licence to operate granted by the Department of Telecommunications
    • A general data protection law in India?
    • National Task Force on IT and Software Development 1998 Submitted “IT Action Plan” calling for “National Policy on Information Security, Privacy and Data Protection Act for handling of computerised data” but no Act introduced to date
    Rodney D. Ryder Scriboard
  • Possible approaches to Data Protection Data Protection Worldwide Rodney D. Ryder Scriboard
  • Data Protection legislation worldwide NONE PENDING IN PLACE EUD or ‘ADEQUATE’
    • AFGHANISTAN
    • ALBANIA
    • ALGERIA
    • AMERICAN SAMOA
    • ANDORRA
    • ANGOLA
    • ANGUILLA
    • ANTARCTICA
    • ANTIGUA AND BARBUDA
    • ARGENTINA
    • ARMENIA
    • ARUBA
    • AUSTRALIA
    • AUSTRIA
    • AZERBAIJAN
    • BAHAMAS
    • BAHRAIN
    • BANGLADESH
    • BARBADOS
    • BELARUS
    • BELGIUM
    • BELIZE
    • BENIN
    • BERMUDA
    • BHUTAN
    • BOLIVIA
    • BOSNIA AND HERZEGOVINA
    • BOTSWANA
    • BOUVET ISLAND
    • BRAZIL
    • BRITISH INDIAN OCEAN TERRITORY
    • BRUNEI DARUSSALAM
    • BULGARIA
    • BURKINA FASO
    • BURUNDI
    • CAMBODIA
    • CAMEROON
    • CANADA
    • CAPE VERDE
    • CAYMAN ISLANDS
    CENTRAL AFRICAN REPUBLIC CHAD CHILE CHINA CHRISTMAS ISLAND COCOS (KEELING) ISLANDS COLOMBIA COMOROS CONGO COOK ISLANDS COSTA RICA COTE D'IVOIRE CROATIA CUBA CYPRUS CZECH REPUBLIC DENMARK DJIBOUTI DOMINICA DOMINICAN REPUBLIC EAST TIMOR ECUADOR EGYPT EL SALVADOR EQUATORIAL GUINEA ERITREA ESTONIA ETHIOPIA FALKLAND ISLANDS (MALVINAS) FAROE ISLANDS FIJI FINLAND FRANCE FRENCH GUIANA FRENCH POLYNESIA FRENCH SOUTHERN TERRITORIES GABON GAMBIA GEORGIA GERMANY GHANA GIBRALTAR GREECE GREENLAND GRENADA GUADELOUPE GUAM GUATEMALA GUINEA GUINEA-BISSAU GUYANA HAITI HEARD ISLAND AND MCDONALD ISLANDS HOLY SEE (VATICAN CITY STATE) HONDURAS HONG KONG HUNGARY ICELAND INDIA INDONESIA IRAN IRAQ IRELAND ISRAEL ITALY JAMAICA JAPAN JORDAN KAZAKSTAN KENYA KIRIBATI KUWAIT KYRGYZSTAN LAO PEOPLE'S DEMOCRATIC REPUBLIC LATVIA LEBANON LESOTHO LIBERIA LIBYAN ARAB JAMAHIRIYA LIECHTENSTEIN LITHUANIA OURG LUXEMBOURG MACAU MACEDONIA MADAGASCAR MALAWI MALAYSIA MALDIVES MALI MALTA MARSHALL ISLANDS MARTINIQUE MAURITANIA MAURITIUS MAYOTTE MEXICO MICRONESIA, FEDERATED STATES OF MOLDOVA, REPUBLIC OF MONACO MONGOLIA MONTSERRAT MOROCCO MOZAMBIQUE MYANMAR NAMIBIA NAURU NEPAL NETHERLANDS NETHERLANDS ANTILLES NEW CALEDONIA NEW ZEALAND NICARAGUA NIGER NIGERIA NIUE NORFOLK ISLAND NORTH KOREA NORTHERN MARIANA ISLANDS NORWAY OMAN PAKISTAN PALAU PALESTINIAN TERRITORY, OCCUPIED PANAMA PAPUA NEW GUINEA PARAGUAY PERU PHILIPPINES PITCAIRN POLAND PORTUGAL PUERTO RICO QATAR REUNION ROMANIA RUSSIAN FEDERATION RWANDA SAINT HELENA SAINT KITTS AND NEVIS SAINT LUCIA SAINT PIERRE AND MIQUELON SAINT VINCENT AND THE GRENADINES SAMOA SAN MARINO SAO TOME AND PRINCIPE SAUDI ARABIA SENEGAL SEYCHELLES SIERRA LEONE SINGAPORE SLOVAKIA SLOVENIA SOLOMON ISLANDS SOMALIA SOUTH AFRICA SOUTH GEORGIA SOUTH KOREA SPAIN SRI LANKA SUDAN SURINAME SVALBARD AND JAN MAYEN SWAZILAND SWEDEN SWITZERLAND SYRIAN ARAB REPUBLIC TAIWAN TAJIKISTAN TANZANIA, UNITED REPUBLIC OF THAILAND TOGO TOKELAU TONGA TONGA TRINIDAD AND TOBAGO TUNISIA TURKEY TURKMENISTAN TURKS AND CAICOS ISLANDS TUVALU UGANDA UKRAINE UNITED ARAB EMIRATES UNITED KINGDOM UNITED STATES (safe harbor) US MINOR OUTLYING ISLANDS URUGUAY UZBEKISTAN VANUATU VENEZUELA VIET NAM VIRGIN ISLANDS, BRITISH VIRGIN ISLANDS, U.S. WALLIS AND FUTUNA WESTERN SAHARA YEMEN YUGOSLAVIA ZAMBIA ZIMBABWE Rodney D. Ryder Scriboard
  • Industrialised Countries Legislation timeline Rodney D. Ryder Scriboard South Korea eCommerce Act In force January 1999 New Zealand Privacy Act In force 1 July 1993 United States (includes) CPP Act 1984 VPP Act 1988 COPP Act 1998 In force 21 April 2000 HIPA Act In force 14 April 2001 GLB Act In force 1 July 2001 ‘ General’ Act Under consideration Finland Personal DP Act In force 1 June 1999 Denmark Act on Processing f PD In force 1 July 2000 Luxembourg - Netherlands Law on Protection PD ct In force 1 Sep 2001 Greece Protection Processing In force 10 April 1997 Ireland - Eastern Europe Estonia (96) Poland (98) Solovak (98) Slovenia (99) Hungary (99) Czech (00) Latvia (00) Lithuania (00) Portugal Personal DP Act In force 27 October 1998 Spain Data Protection Act In force 13 January 2000 Canada PIP&ED Act Commenced 1 Jan 2001 United Kingdom Data Protection Act In force 1 March 2000 France - Australia Privacy Act In force 21 Dec 2001 Sweden Personal Data Act In force 24 October 1998 Belgium Data Protection Act In force 1 Sep 2001 Norway Personal D Reg Act In force 14 April 2000 Italy Data Protection Act In force 8 May 1997 Austria Data Protection Act In force 1 January 2000 Germany Data Protection Act In force 23 May 2001 Switzerland Data Protection Act In force 1 June 1999 Taiwan Computer Processed DP In force 11 August 1995 Hong Kong Personal Data (Privacy ) In force 20 Dec 1996 Mexico eCommerce Act In force 7 June 2000
  • Possible approaches to Data Protection Data Protection in Europe Rodney D. Ryder Scriboard
  • European Data Protection Directive
    • Directive 95/46/EC of the European Commission
    • Now implemented in almost all Member States
    e.g. UK previously - UK Data Protection Act 1984 now - UK Data Protection Act 1998 (in force March 2000) (“DPA”) Rodney D. Ryder Scriboard
  • UK DPA 1998 - The Eight Principles 1. Personal data must be processed fairly and lawfully 2. Personal data must be collected and used only for notified purposes. 3. Personal data must be adequate, relevant and not excessive. 4. Personal data must be accurate and, where necessary, kept up-to-date. 5. Personal data must only be retained for as long as is necessary to carry out the purposes for which it is collected. 6. Personal data must be processed in accordance with the rights of data subjects as set out under the 1998 Act. Rodney D. Ryder Scriboard
  • UK DPA 1998 - The Eight Principles 7. Appropriate technical and organisational measures must be in place to protect against unauthorised access, amendment or loss of personal data. There must be a contractual obligation, in writing, upon any data processor to comply with the relevant legislation and to ensure that such measures have been put in place. 8. Personal information must not be transferred out of the European Economic Area (&quot;EEA&quot;) unless the receiving country ensures &quot;an adequate level of protection&quot; for the rights and freedoms of the data subjects vis-à-vis the processing of personal data. Rodney D. Ryder Scriboard
  • Transfers of Personal Data from Europe to India The Eighth Principle Personal information must not be transferred out of the European Economic Area (&quot;EEA&quot;) unless the receiving country ensures &quot;an adequate level of protection&quot; for the rights and freedoms of the data subjects vis-à-vis the processing of personal data. Rodney D. Ryder Scriboard
  • Alternative Grounds: “Seventh-Principle” type contract
    • Notwithstanding lack of country adequate status, a Data Controller can nevertheless conclude there is adequate protection in respect of a particular transfer if:
    • There is sufficient protection for individual data subjects
    • Having regard to: - nature of data being transferred;
            • - purposes for processing;
            • - security measures in place;
            • - individual rights to redress if things go wrong
    • Note - all of these could be covered in a Seventh-Principle type contract
    Rodney D. Ryder Scriboard
  • Possible models for India Data Protection in the USA Rodney D. Ryder Scriboard
  • Data Protection in the United States United States (Federal) Fair Credit Reporting Act 1970 Privacy Act 1974 Family Educational Rights and Privacy Act 1974 Cable TV Privacy Act 1974 Right to Financial Privacy Act 1978 Privacy Protection Act 1980 Cable Communications Policy Act 1984 Electronic Communications Privacy Act 1986 Video Privacy Protection Act 1988 Employee Polygraph Protection Act 1988 Telephone Consumer Protection Act 1991 Driver’s Privacy Protection Act 1994 Communications Assistance to Law Enforcement Act 1994 Health Insurance Portability and Accountability Act 1996 Children's Online Privacy Protection Act 1998 Deceptive Mail Prevention and Enforcement Act 1999 Financial Services Modernization Act 1999 ‘ General’ Act Under consideration? Safe Harbor In effect 2001
    • Self certified compliance with ‘adequate’ principles
    • Regulatory enforcement of trade practices legislation
    Rodney D. Ryder Scriboard
  • US Safe Harbor - self regulation
    • However, only 356 companies in the whole of the United States have current Safe Harbor registrations
    • This raises questions as to the credibility of the safe harbor regime
    • Safe Harbor also only addresses transfers of data from abroad, and does not offer comprehensive protection for US citizens
    Rodney D. Ryder Scriboard
  • Balancing Privacy & Security - terrorism
    • Antiterrorism Acts:
      • USA <the Patriot Act>
      • 26 October 2001
      • Canada 16 October 2001
      • India <Prevention of Terrorism Act>
    • easier to use electronic surveillance
    • continue and clarify the mandate of the law enforcement to collect foreign communications
    • requires individuals who have information related to a terrorist groups to appear before a judge to provide that information
    • extending DNA data bank to include terrorist crimes
    • Issues
      • enhanced investigative powers
      • will governments enforce privacy laws?
        • US, Canada, UK, EU, Australia
    • Thoughts
      • data protection enforcement is generally complaint based
      • public continually stress privacy concerns
      • good privacy is good business
      • erosion of privacy is a win for terrorism
    Rodney D. Ryder Scriboard
  • Digital Rights Management Digital Rights Management Rodney D. Ryder Scriboard
  • Copyright Law and Practice: a historical timeline Technology and the Law – the stages of copyright law The ‘monastic’ or ‘gurukul’ [oral tradition] The birth of copyright [Gutenberg and the Printing Press] The era of promiscuity: the Internet and Technology [the WIPO Copyright Treaty and the ‘DMCA’] The ‘World’s Biggest Copying Machine’ [PC Week; January 27, 1997] Rodney D. Ryder Scriboard
  • Copyright and the Internet [Technological Developments and the Law]
    • Digitisation [unlike analogue copies, which degrade with each copy; digital media allows perfect copies to be made indefinitely]
    • Digital Compression Technologies [MP3 for music – large media files can be compressed without a loss in quality]
    • Bandwidth [increased availability of high-speed internet connectivity further aids distribution of high quality digital files]
    Rodney D. Ryder Scriboard
  • Napster – the file sharing mechanism [A & M Records, Inc. v. Napster, Inc.; 239 F. 3d 1004; 9 th Cir. 2001] Rodney D. Ryder Scriboard
  • Bit Torrent – the tracker device Rodney D. Ryder Scriboard
  • Preventing Piracy [I] – Technical Measures Copy Protection [Encryption – encoding digital content to prevent it from being viewed; Copy Control Flags – digital ‘flags’ inserted as indicators; CD Copy Protection – insertion of an ‘additional’ track to prevent unauthorised recording] Copyright Protection [Digital Watermarking – digital signals embedded to detect or verify originality; Digital fingerprinting – digital signal embedded in the file containing information on the buyer] Cross-industry protection measures [Secure Digital Music Initiative [SDMI] – developed by a consortium of music companies; uses watermarking and copy protection] Rodney D. Ryder Scriboard
  • Preventing Piracy [I] – Circumvention Measures
    • Circumvention Technologies – primarily aimed at bypassing the range of technical measures [described in the previous slide]
    • Software approaches include the decryption and translation of files
    • DeCSS [and similar programmes] that allows users to decrypt DVD files
    • Programme designed to remove protection from Adobe’s e-Book Reader [Dmitry Skylarov]
    Rodney D. Ryder Scriboard
  • Digital Rights Management, Anti-Circumvention, the DMCA and Dmitry Sklyarov
    • The Digital Millennium Copyright Act [DMCA] - Prohibition on Circumvention:
    • i) Making the technology/device for bypassing
    • ii) Selling the Circumvention technology/devices
    • iii) Publishing information on the circumvention technology/device.
    • Dmitry Skylarov: Russian programmer with ElcomSoft Co. Ltd.
    • Circumvented Adobe e-Book files’ encryption
    • Does the DMCA apply in Russia?
    • ‘ Arrested’ and charged for 25 years imprisonment under the DMCA.
    Rodney D. Ryder Scriboard
  • Electronic Mark Rodney D. Ryder Scriboard
  • Electronic Mark: an illustration Rodney D. Ryder Scriboard
  • Digital Rights Management Software Rodney D. Ryder Scriboard
  • Digital Rights Management Software Rodney D. Ryder Scriboard
  • Digital Rights Management: the law and technology partnership Rodney D. Ryder Scriboard
  • Any questions? Rodney D. Ryder Scriboard
  • Internet Security and Legal Compliance Regulating Cyberspace – Version 2.0 Rodney D. Ryder [email_address] Technology, Media and Communications